#dack_bonjour - webhook

Hi! No sorry that's not possible.

ouch 😦
Thanks anyway

mmmm....i try to explain to you the situation:

I've a client that uses whmcs (management and billing software) and this platform doesn't allow to pay without logging in.

What i'm doing is to build a little web application in order to perform the payment action (without logging in)

I check if the invoice is already paid and if not, i show the checkout of stripe with this code

\Stripe\Stripe::setApiKey(getenv('SK_STRIPE'));
$session = \Stripe\Checkout\Session::create(
[
'payment_method_types' => ['card'],
'customer_email' => $this->invoice->client->email ?? '',
'line_items' => [[
'price_data' => [
'currency' => 'eur',
'product_data' => [
'name' => "Fattura promorfa {$this->invoice->invoicenum}",
],
'unit_amount' => ($this->invoice->total * 100), // check https://stripe.com/docs/api#charges
],
'quantity' => 1,
]],
'mode' => 'payment',
'success_url' => 'http://localhost:8080/payment/success.php',
'cancel_url' => 'http://example.com/cancel',
]
);

?>

<script src="https://js.stripe.com/v3/"></script>
<script>
var stripe = Stripe("<?= getenv('PK_STRIPE') ?>");
stripe.redirectToCheckout({
sessionId: "<?php echo $session->id; ?>"
}).then(function(result) {
console.log(result);
});
</script>

my question is...how can i know if the payment succeeded and notify whmcs via api right after (without webhooks) ?

how can i know if the payment succeeded and notify whmcs via api right after (without webhooks) ?
The best way to do this is with webhooks. Why you don't want to use them?

because image that the client makes the payment directly in whmcs ...the webhook will be fired on my custom application also and i don't need to fire it here (if the payment has been made on whmcs direclty, only if the payment has been made in my custom application).

For this reason i asked if was possible to apply some logics to webhooks (fire webhook if payment has been made from a specific ip/domain)

You could add some metadata to the Checkout Session, and then in your webhook look at the metadata to see which domain made the request?

so what you mean is:

i receive anyway the call to my webhook but if the call has been made by a 'not allowed ip' i exit(); ?

When you create the Checkout Session, add a metadata that contains the IP address or domain name or something to identify who is making the API call.
Then in you webhook event, when listening to checkout.session.completed for example, check what is in the metadata field to decide what to do with the event (process it, ignore it, etc.)

yep, got it 🙂
it should work!

Last question.

I was testing the webhook locally with stripe CLI and in my webhook.php (the page reach by stripe webhook that calls the api in order to save on my side that the payment succeeded) I've a strange behaviour:

The call to the api works in other pages but when i place it in webhook.php the request timed out (i've required all the needed files and i don't have exception)

i'm using php

require_once(DIR . '/classes/requests/UpdateInvoiceAPI.php');
$a = new UpdateInvoiceAPI(1, 1);
$a->setInvoicePaid(); // This is the line that timed out

If i place that lines into a try/catch it doesn't handle any exceptions 😦

Do you have any suggestions ?

This code doesn't look like the Stripe php library, so I'm not sure I can help. You need to check your code and add some log to understand what is going on

FYI to pay in invoice in PHP you should use this: https://stripe.com/docs/api/invoices/pay?lang=php

i can't use custom code in my webhook ?

this is the entire process

header('Content-Type: application/json');

if ($_SERVER['REQUEST_METHOD'] != 'POST') {
echo json_encode(['error' => 'Invalid request.']);
exit;
}

// With signature verification:
$payload = file_get_contents('php://input');
$endpoint_secret = getenv('STRIPE_ENDPOINT_SECRET');
$sig_header = $_SERVER['HTTP_STRIPE_SIGNATURE'];

try {
$event = \Stripe\Webhook::constructEvent(
$payload, $sig_header, $endpoint_secret
);
} catch(\UnexpectedValueException $e) {
// Invalid payload
http_response_code(400);
echo $e;
exit();
} catch(\Stripe\Exception\SignatureVerificationException $e) {
// Invalid signature
http_response_code(400);
echo $e;
exit();
}

// Handle the event
switch ($event->type) {
case 'payment_intent.succeeded':
$userID = (int) $event->data->object->metadata['user_id'];
$invoiceID = (int) $event->data->object->metadata['invoice_id'];
(new UpdateInvoiceAPI($userID, $invoiceID))->setInvoicePaid();
break;
default:
echo 'Received unknown event type ' . $event->type;
}

http_response_code(200);

and in the case 'payment_intent.succeeded' i'm using my custom code

(this is the page that i'm using to notify my billing platform api, whmcs, that the payment succeeded)

Of course you can use custom code in a webhook 🙂
But this looks like a PHP issue not directly related to Stripe, so not sure I can help.

You need to identify which line is creating the error/timeout, then add some logs/breakpoints to understand exactly what is going on.